#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_CVE-2008-1771.dpatch by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix an integer overflow leading to a heap-based buffer overflow, which
## DP: causes a remote Denial of Service and possibly allows arbitrary code execution.
## DP: Referenced as CVE-2008-1771.

@DPATCH@
diff -urNad mt-daapd-0.9~r1696~/src/webserver.c mt-daapd-0.9~r1696/src/webserver.c
--- mt-daapd-0.9~r1696~/src/webserver.c	2007-10-22 05:40:29.000000000 +0200
+++ mt-daapd-0.9~r1696/src/webserver.c	2008-04-17 19:01:56.000000000 +0200
@@ -719,7 +719,12 @@
         return FALSE;
     }
 
-    length=atoi(content_length);
+    length=strtol(content_length, NULL, 10);
+    if(EINVAL == errno || UINT_MAX - 1 <= length){
+        ws_dprintf(L_WS_WARN, "Thread %d: Suspicious Content-Length value, ignoring request\n", pwsc->threadno);
+        return FALSE;
+    }
+
     ws_dprintf(L_WS_DBG,"Thread %d: Post var length: %d\n",
             pwsc->threadno,length);
 
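Review bot: The new `if` after `strtol()` reads `errno` without clearing it first and tests `EINVAL`, whereas overflow is reported as `ERANGE`, so a stale `errno` can reject a valid request and an out-of-range header can still pass. The `%d` in the following debug call suggests `length` is an `int` (its declaration is outside the hunk); if so, the `long` result is truncated on assignment on LP64, and `UINT_MAX - 1 <= length` is evaluated unsigned, which rejects only -1 and -2 and lets other negative values through. I would parse into a `long` with an end pointer and validate before narrowing: `errno = 0; val = strtol(content_length, &end, 10);` then `if(errno == ERANGE || end == content_length || val < 0 || val > INT_MAX - 1){`. A project-chosen cap on POST body size well below `INT_MAX` would be better still, since the value presumably sizes an allocation further down in the function, which continues past this hunk.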
